My Kinda SOC

A Security Operations Center (SOC) helps enterprises detect, respond to, and investigate security incidents. As breaches continue to grow, more enterprises are looking at building or outsourcing their SOC. This blog lists some of the capabilities that today’s SOC should have. This, of course, is my own view and I welcome you to send any comments via Twitter – follow…

Looking Back, Looking Ahead: Why I Came to RSA

As I complete six months at RSA, I wanted to reflect upon a critical decision I made a number of years ago that eventually led me here. I had been at a large tech company and over the years fostered great relationships within the company allowing me to establish myself. As a whole, the company…

“I’m more than just my job!”

In this hectic, modern world, too often many people feel reduced to the sum of their professional responsibilities. In a small way, this feeling is driven by our current IT methods to determine access to IT systems and applications. With ‘Role-based’ access control – you are literally no more than just your job! Essentially, your…

E2: The Maestro’s Score – Opening Salvo

“Why are you putting your coat on?” Greg asked while peering over the cube wall. Marty slid his arm into his jacket and sighed. His small surge of excitement deflated a bit as now he had to enter into the inevitable argument with his coworker. “I need to go see Carl.” “Carl? Really?” “Yes. Carl. …

Tokenization and E-commerce: The Silver Bullet We’ve Been Looking For?

As we work with customers to help advance their anti-fraud efforts in their online channels, we’ve increasingly been asked about the impact of tokenization – will it simplify security efforts, or even make some of our existing technologies obsolete as a result of the protection it provides? To answer these questions, we need to first…

The Malicious Insider: Hiding in Plain Sight

Insider attacks are different from external attacks because insiders already have a foothold in the organization. As defined by CERT, “a malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or…

The Incompleteness Theorem: Why Every Organization Needs an Incident Response Capability

Some cybersecurity experts may already be familiar with the Incompleteness Theorem, which Stanford University counts among the most important results of modern logic. What you may not have considered is the interesting implications it has on the ubiquitous need for incident response. Published in 1931 by mathematician Kurt Gödel, the Incompleteness Theorem established that in…

Communities of Action against Cyber Risks

One of the major themes in the London Gartner Security and Risk Management Summit and the Washington DC Borderless Cyber summit, both of which I attended recently, was the transformative nature of shared information in combatting cyber threats. Richard Struse, chair of the OASIS Cyber Threat Intelligence Technical Committee, spoke of the goal of that…

E1: Enter the Maestro – Technical Dialogue

In Episode 1 “Enter the Maestro”, the Hunter uncovers a mysterious band of men stalking some important locations in the Kingdom. These men, hiding in plain sight, are gathering information for perhaps a greater attack. The Hunter tracks them down and determines that they are sending information back to the Maestro, a new mysterious member…

My So-Called Digital Life

Like most, I have a very rich and fulfilling digital life. My smart phone is at hand 24×7 and I use apps to check weather and Facebook, bank, shop, scan real estate and even tell me if I have hung a picture straight. (Alas I am not a gamer.) I also do all of these…